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This listing of claims will replace all prior versions, and listings, of claims in the application. 
LISTING OF THE CLAIMS 

Claim 1 (Previously Amended): A digital rights management system for controlling the 
distribution of digital content to player applications, the system comprising: 

a verification system to validate the integrity of the player applications; 

a trusted content handler to decrypt content and to transmit the decrypted content to 
the player applications, using an extension mechanism defined by the application, and to 
enforce usage rights associated with the content; and 

a user interface control module to ensure that uo e rs of the user interaction with the 
player applications ar e not e xposed to actions that does not violate the usage rights; 

wherein components of the verification system, the trusted content handler, and 
user interface control module of the digital rights management system operate independenflv 
from the plaver application and r e side locallv in an e pemt e n indoprmdnntly wtthnnt 
cooperation from the end-user device having said player applications. 

Claim 2 (Original): A digital rights management system according to Claim 1, wherein the 
verification system includes an off-line verifier to verify that the player applications have 
certain properties, and to issue trust certificates to verify that the player applications have 
said properties. 

Claim 3 (Original): A digital rights management system according to Claim 2, wherein the 
verification system further includes a verifying launcher for verifying that a particular player 
application is certified as a trusted application before digital content is transmitted to said 
particular player application. 

Claim 4 (Original): A digital rights management system according to Claim 1, wherein the 
player applications request protected content, and the trusted content handler includes an 
authenticator to verify that a player application that requests protected content has been 
authorized by the verification system to access the requested, protected content. 
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Claim 5 (Original): A digital rights management system according to Claim 1, wherein a user 
interface control module traps user interface related messages generated as a result of user 
interactions with player applications, blocks messages that lead to usage rights violations, 
and passes through other messages to the player applications. 

Claim 6 (Previously Amended): A digital rights management method for controlling the 

distribution of digital content to player applications, the method comprising the steps: 

providing a verification system to validate the integrity of the player applications; 
using a trusted content handler to decrypt content and to transmit the decrypted 
content to the player applications, using an extension mechanism defined by the 
applications, and to . enforce usage rights associated with the content; and 
providing a user interface control module to ensure that uaors of tho the user 

interaction with player applications oro not exposed to aotiona that does not violate the usage 

rights; 

wherein components of the verification system, the trusted content handler, and user 
interface control module of the digital rights management system operate independently from 
the player application and reside l o cally in an operator, indRpnnH n ntly T r Hfhmit nnr^ p^r ntion 
froni tho end-user device having said player applications. 

Claim 7 (Original): A method according to Claim 6, wherein the step of providing a 
verification system includes the step of providing an off-line verifier to verify that the player 
applications have certain properties, and to issue trust certificates to verify that the player 
applications have said properties. 

Claim 8 (Original): A method according to Claim 7, wherein the step of providing a 
verification system further includes the step of providing a verifying launcher for verifying 
that a particular player application is certified as a trusted application before digital content is 
transmitted to said particular player application. 

Claim 9 (Original): A method according to Claim 6, wherein the player appHcations request 
protected content, and the step of using the trusted content handler includes the step of using 
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an authenticator to verify that a player application that requests protected content has hem 
authorized by the verification system to access fhe requested, protected content 

Claim 10 (Previously Amended): A program storage device readable by machine, tangibly 
embodying a program of instructions executable by the machine to perform method for 
controlling the distribution of digital content to player applications, the method steps 
comprising: 

using a verification system to validate the integrity of the player applications; 

using a trusted content handler to decrypt content and to transmit the decrypted 
content to the player applications, using an extension mechanism defmed by the applications, 
and to enforce usage rights associated with the content; and 

using a user interface control module to ensure that usera of tho the user interaction 
witii player applications ar e not e xpoood to actions that does not violate the usage rights; 

wherein components of said verification svstem, the m e tho d trusted content handler, 
.and user interface control module operates independently fi-om the player applications and 
reside locally in an op e mtes independently without cooperation firom tho end-user device 
having said player applications. 

Claim 1 1 (Original): A program storage device according to Claim 1 0, wherein the step of 
using the verification system includes the step of using an off-line verifier to verify that the 
player applications have certain properties, and to issue trust certificates to verify that the 
player applications have said properties. 

Claim 12 (Original): A program storage device according to Claim 1 1, wherein the step of 
using the verification system further includes the step of using a verifying launcher for 
verifying that a particular player application is certified as a. trusted application before digital 
content is transmitted to said particular player application. 

Claim 13 (Original): A program storage device according to Claim 10, wherein the player 
applications request protected content, and the step of using the trusted content handler 
includes the step of using an authenticator to verify that a player application that requests 
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protected content has been authorized by the verification system to access the requested, 
protected content. 

Claim 14 (Currently Amended): A code identity and integrity verification system, 
comprising: 

a certificate generator for receiving applications, for determining if the applications 
exhibit a predefined property, and for issuing a trust certificate for each of the applications 
that exhibits the predefined property; 

a certificate repository for receiving and storing trust certificates issued by the 
certificate generator; 

an ofiF-line a code verifier for v e ri^ing that a to analyze program code of a p articular 
player application to d etemiine whether said particular player application is certified as a 
trusted application before digital content is transmitted to said particular player application; 
and 

an authenticator for receiving requests, using an extension mechanism defined by the 
^plications, to verify that a player application that requests protected content has been 
authorized by the verification system to access the requested, protected content. 

Claim 15 (Original): A code identify and mtegrity verification system according to Claim 14, 
.wherein the code verifier is responsible for launching the player application and verifying the 
identity and integrity of the code xising the information in the trust certificate before 
launching the application; the launch procedure returning process identification information, 
which the code verifier records internally; the authenticator communicating the same or other 
process identification information concerning its own process, which it obtains fi-om system 
service calls, to the code verifier at the time the application requests content from the 
authenticator; the code verifier matching this process identification information against the 
process identification information it recorded; the code verifier returning a code indicating 
whether the process was verified or not. 

Claim 16 (Original): A code identity and integrity verification system according to Claim 14, 
wherein the code verifier receives from the authenticator process identification information at 
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the time the player application calls the authenticator, the code verifier querying the 
operating system with the process identification information or the file names of all modxiles 
loaded for that process; the code verifier using the information in the trust certificate to verify 
the id^tity and integrity of the code modules; retuming a code indicating whether the 
process was verified or not. 

Claim 17 (Original): A code identity and integrity verification system according to Claim 14, 
wherein the trust certificate includes: 

a program identifier identifying said one of the applications; 

a property name identifying an attribute certified by the trust certificate; 

a code digest of the one application; 

a digital signature containing a secret key of the application certifier; and 
a certifier identification containing a public key of the application certifier. 

Claim 1 8 (Currently Amended): A method for verifying the identity and integrity of code, 
comprising the steps: 

using a certificate generator for receiving applications, for determining if the 
applications exhibit a predefined property, and for issuing a trust certificate for each of the 
applications that exhibits the predefined property; 

receiving and storing in a certificate repository trust certificates issued by the 
certificate generator; 

using a an oflf-line code verifier for verifying that a to analyze program code of a 
particular player application to determine whether said particular player ^plication is 
certified as a trusted application before digital content is transmitted to said particular player 
application; and 

using an authenticator for receiving requests, using an extension mechanism defined 
by the application, to verify that a player appHcation that requests protected content has been 
authorized by the verification system to access the requested, protected content. 

Claim 19 (Original): A method according to Claim 16, wherein the trust certificate includes: 
a program identifier identifying said one of the applications; 
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a property name identifying an attribute certified by the trust certificate; 
a code digest of the one application; 

a digital signature containing a secret key of the application certifier; and 
a certifier identification containing a public key of the application certifier. 

Claim 20 (Currently Amended): A program storage device readable by machine, tangibly 
embodying a program of instructions executable by the machine to perform method steps for 
verifying, out of process, the identity of code, said method steps comprising: 

using a certificate generator for receiving applications, for detemiining if the 
applications exhibit a predefined property, and for issuing a trust certificate for each of the 
applications that exhibits the predefined property; 

receiving and storing in a certificate repository trust certificates issued by the 
certificate generator; 

using a an off-line code verifier for \^orif^ing that a to analyze program code of a 
particular player application to deter mine whether said particular player application is 
certified as a trusted application before digital content is transmitted to said particular player 
application; and 

using an authenticator for receiving requests, using an extension medianism defined 
by the application, to verify that a player application that requests protected content has been 
authorized by the verification system to access the requested, protected content. 

Claim 21 (Original): A program storage device according to Claim 20, wherein the trust 
certificate includes: 

a program identifier identifying said one of the applications; 

a property name identifying an attribute certified by the trust certificate; 

a code digest of the one application; 

a digital signature containing a secret key of the application certifier; and 
a certifier identification containing a public key of the application certifier. 
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